Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 11 Jun 2012 00:37:30 +0200
From:      Oliver Pinter <oliver.pntr@gmail.com>
To:        =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= <des@des.no>
Cc:        freebsd-security@freebsd.org
Subject:   blf uses only 2^4 round for passwd encoding?! [Re: Default password hash]
Message-ID:  <CAPjTQNGOLfb64rtz3gu4xGF8aqzcjD5QBEjM_gwwAykKQoyWgA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
http://svnweb.freebsd.org/base/head/secure/lib/libcrypt/crypt-blowfish.c?re=
vision=3D231986&view=3Dmarkup

145          static const char     *magic =3D "$2a$04$";
  146
  147                  /* Defaults */
  148          minr =3D 'a';
  149          logr =3D 4;
  150          rounds =3D 1 << logr;
  151
  152          /* If it starts with the magic string, then skip that */
  153          if(!strncmp(salt, magic, strlen(magic))) {
  154                  salt +=3D strlen(magic);
  155          }

grep 04 /etc/master.passwd:
root:$2a$04$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0:0::0:0:=
XXX:/root:/bin/csh
xxxx:$2a$04$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:100X:100X=
::0:0:XXXXXXXXXXXXX:/home/xxxx:/bin/tcsh

16 rounds in 2012? It is not to weak?!

On 6/8/12, Dag-Erling Sm=F8rgrav <des@des.no> wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days.  We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> default instead of MD5, like on most Linux distributions?
>
> Index: etc/login.conf
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- etc/login.conf      (revision 236616)
> +++ etc/login.conf      (working copy)
> @@ -23,7 +23,7 @@
>  # AND SEMANTICS'' section of getcap(3) for more escape sequences).
>
>  default:\
> -       :passwd_format=3Dmd5:\
> +       :passwd_format=3Dsha512:\
>         :copyright=3D/etc/COPYRIGHT:\
>         :welcome=3D/etc/motd:\
>         :setenv=3DMAIL=3D/var/mail/$,BLOCKSIZE=3DK,FTP_PASSIVE_MODE=3DYES=
:\
>
> DES
> --
> Dag-Erling Sm=F8rgrav - des@des.no
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or=
g"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPjTQNGOLfb64rtz3gu4xGF8aqzcjD5QBEjM_gwwAykKQoyWgA>